A typical corporate organization, such as a bank or on-line retailer, utilizes the Internet to communicate with customers and vendors, to conduct research, and to perform various other tasks. For example, as part of the usual course of business, the organization can exchange proprietary information, such as financial, credit card or account information, with a client or client device. However, theft of proprietary information is one of the most costly security problems facing organizations today. For example, theft of financial data, customer lists, and intellectual property can impact revenues, increase legal costs, and erode long-term competitive advantages for an organization.
To minimize access to proprietary information exchanged between an organization and a client device over a network, the organization can typically establish a secured communication channel, such as a Transport Layer Security (TLS) or a Secure Sockets Layer (SSL) communication channel, with the client device. In conventional systems, public and private keys, in combination with Public Key Infrastructure (PKI) certificates, can be utilized to establish a secured communication channel between the organization and the client device. For example, the usage of PKI in TLS results in the establishment of a shared secret that is used by the organization and the client device when encrypting and decrypting the proprietary information. Additionally, a public-private key pair is used to prove the identity of one party, either the organization or the client device. A party's identity can be proven by signing with the private key of the pair and checked by verifying the signature with the corresponding public key. Conventionally, only the organization server has such a key pair; however, the client device can have one as well. Accordingly, when either the organization server or the client device signs an electronic record with its corresponding private key, the signing operation generates a digital signature code that the receiving organization server or client device can verify using the corresponding public key.
In use, in response to a request from the client device to establish a secured communications channel, the organization server transmits, to the requesting client device, a certificate that includes the organization server's public key and that has been signed by a trusted third party, known as a certificate authority. The certificate authority holds a trusted position because the certificate that it issues verifies the identity of the organization server. Accordingly, once the client device has checked the certificate to make sure that it comes from a trusted certificate authority, the client device can utilize its own private key and the public key shared via the certificate to securely communicate with the organization via the organization server.
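As an added illustration of the exchange described above (constructed for this page, not code from the patent or any product it describes), the following toy Python model shows the certificate check and the shared-secret step: the certificate authority signs the server's name together with its public key, the client accepts the certificate only when the issuer is in its trust store, the subject matches the server it meant to reach and the signature verifies, and only then does it encrypt a fresh shared secret to the server's public key. The names, the `|`-separated certificate encoding and the unpadded textbook-RSA scheme are assumptions made for illustration; real clients rely on a TLS library and X.509 certificates.

```python
import hashlib
import secrets

# Added toy PKI (constructed example, not the patent's system): textbook RSA
# over SHA-256 digests, no padding, one-level chain, no expiry or revocation.

def _is_probable_prime(n, rounds=16):          # Miller-Rabin for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1) or any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            continue
        return False
    return True

def keygen(bits=512):                          # ((n, e), (n, d)); n > 2**256 > any digest
    e, ps = 65537, []
    while len(ps) < 2:                         # two distinct odd, full-length primes
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c not in ps and _is_probable_prime(c):
            ps.append(c)
    n, phi = ps[0] * ps[1], (ps[0] - 1) * (ps[1] - 1)
    # e is prime, so phi % e == 0 is exactly the (astronomically rare) gcd != 1 case
    return keygen(bits) if phi % e == 0 else ((n, e), (n, pow(e, -1, phi)))

def sign(priv, data):                          # textbook RSA over the SHA-256 digest
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def _tbs(subject, pub, issuer):                # to-be-signed bytes of a certificate
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()
def issue_certificate(ca_name, ca_priv, subject, subject_pub):   # CA binds name to key
    return {"subject": subject, "pub": subject_pub, "issuer": ca_name,
            "sig": sign(ca_priv, _tbs(subject, subject_pub, ca_name))}

def client_accepts(cert, trust_store, expected_server):   # the client's check from the text
    ca_pub = trust_store.get(cert["issuer"])               # trusted issuer?
    if ca_pub is None or cert["subject"] != expected_server:   # and the server we wanted?
        return False
    return verify(ca_pub, _tbs(cert["subject"], cert["pub"], cert["issuer"]), cert["sig"])

def client_send_secret(cert, trust_store, expected_server):   # only after the check passes
    if not client_accepts(cert, trust_store, expected_server):
        raise ValueError("certificate rejected; no secured channel")
    secret = secrets.randbits(128)                         # fresh shared secret
    return secret, pow(secret, cert["pub"][1], cert["pub"][0])   # encrypted to server key
def server_recover_secret(server_priv, encrypted):
    return pow(encrypted, server_priv[1], server_priv[0])
```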